libftpio

Christer Öberg christer.oberg at deprotect.com
Mon Aug 16 04:38:57 PDT 2004


Hi,

There are a couple of overflows in ftpio.c




--- lib/libftpio/ftpio.c	2004-08-16 12:21:45.000000000 +0200
+++ lib/libftpio/ftpio.new.c	2004-08-16 12:21:10.000000000 +0200
@@ -204,7 +204,7 @@
     off_t size;
 
     check_passive(fp);
-    sprintf(p, "SIZE %s\r\n", name);
+    snprintf(p,sizeof(p), "SIZE %s\r\n", name);
     if (ftp->is_verbose)
 	fprintf(stderr, "Sending %s", p);
     if (writes(ftp->fd_ctrl, p))
@@ -230,7 +230,7 @@
     int i;
 
     check_passive(fp);
-    sprintf(p, "MDTM %s\r\n", name);
+    snprintf(p,sizeof(p), "MDTM %s\r\n", name);
     if (ftp->is_verbose)
 	fprintf(stderr, "Sending %s", p);
     if (writes(ftp->fd_ctrl, p))
@@ -465,9 +465,9 @@
     if ((name = index(cp ? cp : host, '/')) != NULL)
 	*(name++) = '\0';
     if (host_ret)
-	strcpy(host_ret, host);
+	strlcpy(host_ret, host,255);
     if (name && name_ret)
-	strcpy(name_ret, name);
+	strlcpy(name_ret, name,255);
     return SUCCESS;
 }
 
@@ -684,7 +684,7 @@
 
     va_list ap;
     va_start(ap, fmt);
-    (void)vsnprintf(p, sizeof p, fmt, ap);
+    (void)vsnprintf(p, sizeof(p) - 2, fmt, ap);
     va_end(ap);
 
     if (ftp->con_state == init)




More information about the Bugs mailing list